Latest Cyber Security woes for UK SMEs and customers
While we’ve been enjoying the summer the constant business of thwarting scams and cyber-attacks has shown little sign of slowing down.
Criminal attacks on businesses and customers have continued with criminals finding new ways of parting us from our money while we’re distracted with work and play.
● Holiday scammers
This summer it was revealed that airport travellers were targeted by email scammers. Thousands of people were sent bogus emails from a UK airport in an attempt to defraud them, according to GCHQ’s National Cyber Security Centre. In this latest cyber-attack, a fake gov.uk address was used by cybercriminals but the NCSS managed to prevent the messages ever reaching the intended victims.
The name of the airport has not been revealed but 20,000 scam emails asked intended recipients to pay a fee to receive a larger refund. The foiled scheme demonstrates the worrying trend where real email addresses can be disguised to impersonate legitimate sources – for example recently HM Revenue and Customs was a popular disguise used in phishing attacks sent to unsuspecting businesses and individuals.
● College returners faced with computer crime
As students make their way back to College and university, one College found itself hit by hackers. Swindon College has advised its students and staff to check their bank accounts after discovering a cyber-attack on its network systems. Unauthorised access to personal data of staff and students prompted the warning by the further education College where a criminal investigation is now underway though the numbers affected has not been confirmed. In line with GDPR requirements, the data breach has been reported to the Information Commissioner’s Office and the National Crime Agency.
This latest attack in the education sector follows on a test of cyber defences of UK universities earlier in the year. Test hackers were able to access data systems and research data in just two hours in the simulations carried out by JISC, the organisation providing internet and other shared digital services to the UK’s universities and research centres.
● Businesses are prime target for cyber criminals
Whatever the season businesses are a prime target for cyber criminals . Micro businesses – companies with fewer than nine employees – are especially vulnerable and can face catastrophic consequences. At least half of micro businesses in the UK are victims of cyber-attacks every year, compared to just a third of other companies, according to the Association of Independent Professionals and the Self-Employed (IPSE).
This summer saw reports of London-based microbusiness owner Bree Kotomah put out of business after her Instagram account was hacked. Typical of many people who now use social media to promote their business, Ms Kotomah used an Instagram account for her fashion business, using PayPal and a mobile app to invoice customers. She then found her Instagram compromised and her reputation suffered. After initially being disheartened, she went on to set up a new website and learn more about running a business, and was awarded Young Freelancer of the Year by IPSE.
UK SMEs suffer almost 10,000 cyber-attacks daily
Cybercrime is costing small businesses billions of pounds a year through phishing, malware and payment scams according to the Federation of Small Businesses (FSB). Their survey of 1,135 UK businesses published this summer revealed the scale of attacks which are being made each day:
● One in five small firms said they’d experienced a cyber-attack in the previous two years
● Over seven million individual attacks had been reported in that period, equalling 9,741 incidents a day.
● Phishing was the most frequent type of cyber-attack with 530,000 SMEs falling victim to these attacks in the past two years
● Businesses also reported cases of malware (374,000), ransom-ware (260,000) and fraudulent payment requests (301,000).
The FSB commented that “ The annual cost of such attacks to the small business community is estimated to be £4.5 billion, with the average cost of an individual attack put at £1,300.”
Looking at the cyber security steps taken by firms, the survey found:
► One in three small firms (35%) say they had not installed security software over the past two years
► Four in ten (40%) did not regularly update software, and a similar number did not back up data and IT systems.
► Worryingly, fewer than half (47%) had a strict password policy for devices.
The FSB called on the government to do more, for example increasing investing in cyber upskilling for police personnel.
What action should SMEs take against cyber-crime?
With fraud now the second most common crime type in England and Wales, every type of business is vulnerable to fraudsters and especially cyber threats. The National Crime Agency believes that the scale and complexity of cyber-attacks is increasing due to:
1. ‘Off the shelf‘ tools mean that less technically-able criminals can commit online crimes more readily
2. Technical capabilities have evolved leading to increased new crimes and harms which can be caused
Although the new General Data Protection Regulation is likely to give a better picture of the scale of cyber-attacks on businesses and organisation there is known to be significant under-reporting.
“If you are not safe in a world that is increasingly online then essentially you will not be able to do business.”
There’s no doubt that the best action SMEs can take against cyber-crime is to have effective cyber security. Here are the basic security steps which can help prevent cyber-attacks:
1. Passwords – make sure that you and your staff use strong passwords and have don’t use the same ones for different log-ins
2. Security software – have the latest software installed such as anti-virus and two-factor authentication. Ensure it is installed on all computers/devices and that it is enabled. This will protect your business from damaging malware being installed.
3. Firewall – ensure that the ‘firewall’ is switched on for all browsers used on all devices used. A firewall functions to create a ‘buffer zone’ between your hardware and external sources (e.g. the internet, USB sticks)
Most browsers on PCs and operating systems on mobile devices include a firewall but it’s important to ensure it is switched on.
There are many more ways that businesses can maximise the security of their Information and Communications Technology (ICT). 360ict Ltd have been working with SMEs and other organisations for years to ensure that their IT systems and networks are protected and working in the best way.
Offering a hassle-free IT service every time, 360ict provides IT help to organisations in a range of ways – from fixing problems, to managing all your IT or providing extra resource for your in-house IT team. Businesses have long valued our first class support, responsiveness and effectiveness.
Contact 360ict to find out more – call 0204 538 4774 or Contact Us